Topic sk jcs 13724 & jcs 13758 (#177)

MRs for jiras :
JCS-13724 : ER 33432789 Run network validation script when provisioning
WLS for OCI with existing subnets & JCS-13758
: Modifications needed to the network validation scripts before
implementing ER 33432789

Tests run
---------
Existing subnets, existing nsgs , and bastion
Existing subnets, existing nsgs, and lb with regional subnets
Existing subnets, existing nsgs, and lb1 & lb2 with AD subnets
Existing subnets, existing nsgs, and fss
Existing subnets, existing nsgs, and fss  with atp db
Existing subnets, existing nsgs, and fss with oci db - Testing in
progress
Existing subnets, existing nsgs, and destroy

Tested negative tests
-----------------------
Apply failed due to port issues, fix and run reapply.
Apply failed due to port issues, skip the validation and rerun.

Author: skommala

terraform/locals.tf

@@ -148,7 +148,7 @@ locals {
     var.wls_extern_ssl_admin_port,
   ) : ""
 
-  use_apm_service = (var.use_apm_service || var.use_autoscaling)
+  use_apm_service           = (var.use_apm_service || var.use_autoscaling)
   apm_domain_compartment_id = local.use_apm_service ? lookup(data.oci_apm_apm_domain.apm_domain[0], "compartment_id") : ""
 
 

terraform/main.tf

@@ -1,7 +1,30 @@
 # Copyright (c) 2023, Oracle and/or its affiliates.
 # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl.
 
+module "network-validation" {
+  source                         = "./modules/network-validator"
+  count                          = local.use_existing_subnets && !var.skip_network_validation ? 1 : 0
+  wls_subnet_id                  = var.wls_subnet_id
+  bastion_subnet_id              = var.is_bastion_instance_required ? var.bastion_subnet_id : ""
+  bastion_ip                     = var.is_bastion_instance_required && var.existing_bastion_instance_id != "" ? data.oci_core_instance.existing_bastion_instance[0].private_ip : ""
+  lb_subnet_1_id                 = var.add_load_balancer ? var.lb_subnet_1_id : ""
+  lb_subnet_2_id                 = var.add_load_balancer && !local.use_regional_subnet ? var.lb_subnet_2_id : ""
+  mount_target_subnet_id         = var.add_fss ? var.mount_target_subnet_id : ""
+  atp_db_id                      = !local.is_oci_db ? var.atp_db_id : ""
+  oci_db_dbsystem_id             = local.is_oci_db ? var.oci_db_dbsystem_id : ""
+  oci_db_port                    = local.is_oci_db ? var.oci_db_port : 0
+  wls_extern_admin_port          = var.wls_extern_admin_port
+  wls_extern_ssl_admin_port      = var.wls_extern_ssl_admin_port
+  wls_ms_extern_port             = var.wls_ms_extern_port
+  existing_admin_server_nsg_id   = var.add_existing_nsg ? var.existing_admin_server_nsg_id : ""
+  existing_managed_server_nsg_id = var.add_existing_nsg ? var.existing_managed_server_nsg_id : ""
+  existing_lb_nsg_id             = var.add_existing_nsg && var.add_load_balancer ? var.existing_lb_nsg_id : ""
+  existing_mount_target_nsg_id   = var.add_existing_nsg && var.add_fss ? var.existing_mount_target_nsg_id : ""
+  existing_bastion_nsg_id        = var.add_existing_nsg && var.is_bastion_instance_required ? var.existing_bastion_nsg_id : ""
+}
+
 module "system-tags" {
+  depends_on     = [module.network-validation]
   source         = "./modules/resource-tags"
   compartment_id = var.compartment_ocid
   service_name   = var.service_name
@@ -180,6 +203,7 @@ module "network-bastion-subnet" {
 }
 
 module "policies" {
+  depends_on             = [module.network-validation]
   source                 = "./modules/policies"
   count                  = var.create_policies ? 1 : 0
   compartment_id         = var.compartment_ocid
@@ -214,6 +238,7 @@ module "policies" {
 
 
 module "bastion" {
+  depends_on          = [module.network-validation]
   source              = "./modules/compute/bastion"
   count               = (!local.assign_weblogic_public_ip && var.is_bastion_instance_required && var.existing_bastion_instance_id == "") ? 1 : 0
   availability_domain = local.bastion_availability_domain
@@ -301,6 +326,7 @@ module "network-mount-target-private-subnet" {
 }
 
 module "vcn-peering" {
+  depends_on                     = [module.network-validation]
   count                          = local.is_vcn_peering ? 1 : 0
   source                         = "./modules/network/vcn-peering"
   resource_name_prefix           = local.service_name_prefix
@@ -318,7 +344,8 @@ module "vcn-peering" {
 }
 
 module "validators" {
-  source = "./modules/validators"
+  depends_on = [module.network-validation]
+  source     = "./modules/validators"
 
   service_name               = var.service_name
   wls_ms_port                = var.wls_ms_extern_port
@@ -436,8 +463,9 @@ module "validators" {
 }
 
 module "fss" {
-  source = "./modules/fss"
-  count  = var.add_fss ? 1 : 0
+  depends_on = [module.network-validation]
+  source     = "./modules/fss"
+  count      = var.add_fss ? 1 : 0
 
   compartment_id      = var.compartment_ocid
   availability_domain = local.fss_availability_domain
@@ -458,8 +486,9 @@ module "fss" {
 }
 
 module "load-balancer" {
-  source = "./modules/lb/loadbalancer"
-  count  = (local.add_load_balancer && var.existing_load_balancer_id == "") ? 1 : 0
+  depends_on = [module.network-validation]
+  source     = "./modules/lb/loadbalancer"
+  count      = (local.add_load_balancer && var.existing_load_balancer_id == "") ? 1 : 0
 
   compartment_id           = local.network_compartment_id
   lb_reserved_public_ip_id = compact([var.lb_reserved_public_ip_id])
@@ -478,17 +507,19 @@ module "load-balancer" {
 }
 
 module "observability-common" {
-  source = "./modules/observability/common"
-  count  = var.use_oci_logging ? 1 : 0
+  depends_on = [module.network-validation]
+  source     = "./modules/observability/common"
+  count      = var.use_oci_logging ? 1 : 0
 
   compartment_id      = var.compartment_ocid
   service_prefix_name = local.service_name_prefix
   add_delay           = var.use_autoscaling
 }
 
 module "observability-autoscaling" {
-  source = "./modules/observability/autoscaling"
-  count  = var.use_autoscaling ? 1 : 0
+  depends_on = [module.network-validation]
+  source     = "./modules/observability/autoscaling"
+  count      = var.use_autoscaling ? 1 : 0
 
   compartment_id        = var.compartment_ocid
   metric_compartment_id = local.apm_domain_compartment_id
@@ -647,8 +678,9 @@ module "compute" {
 }
 
 module "load-balancer-backends" {
-  source = "./modules/lb/backends"
-  count  = local.add_load_balancer ? 1 : 0
+  depends_on = [module.network-validation]
+  source     = "./modules/lb/backends"
+  count      = local.add_load_balancer ? 1 : 0
 
   resource_name_prefix = local.service_name_prefix
   load_balancer_id     = local.add_load_balancer ? (var.existing_load_balancer_id != "" ? var.existing_load_balancer_id : element(coalescelist(module.load-balancer[*].wls_loadbalancer_id, [""]), 0)) : ""
@@ -661,8 +693,9 @@ module "load-balancer-backends" {
 }
 
 module "observability-logging" {
-  source = "./modules/observability/logging"
-  count  = var.use_oci_logging ? 1 : 0
+  depends_on = [module.network-validation]
+  source     = "./modules/observability/logging"
+  count      = var.use_oci_logging ? 1 : 0
 
   compartment_id                        = var.compartment_ocid
   oci_managed_instances_principal_group = element(concat(module.policies[*].oci_managed_instances_principal_group, [""]), 0)
@@ -678,7 +711,8 @@ module "observability-logging" {
 }
 
 module "provisioners" {
-  source = "./modules/provisioners"
+  depends_on = [module.network-validation]
+  source     = "./modules/provisioners"
 
   existing_bastion_instance_id = var.existing_bastion_instance_id
   host_ips                     = coalescelist(compact(module.compute.instance_public_ips), compact(module.compute.instance_private_ips), [""])

terraform/modules/network-validator/locals.tf

@@ -0,0 +1,22 @@
+# Copyright (c) 2023, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+locals {
+  validation_script_wls_subnet_param                     = var.wls_subnet_id != "" ? format("--wlssubnet %s", var.wls_subnet_id) : ""
+  validation_script_bastion_subnet_param                 = var.bastion_subnet_id != "" ? format("--bastionsubnet %s", var.bastion_subnet_id) : ""
+  validation_script_bastion_ip_param                     = var.bastion_ip != "" ? format("--bastionip %s", var.bastion_ip) : ""
+  validation_script_lb_subnet_1_param                    = var.lb_subnet_1_id != "" ? format("--lbsubnet1 %s", var.lb_subnet_1_id) : ""
+  validation_script_lb_subnet_2_param                    = var.lb_subnet_2_id != "" ? format("--lbsubnet2 %s", var.lb_subnet_2_id) : ""
+  validation_script_wls_lb_port                          = var.wls_ms_extern_port != "" ? format("--externalport %s", var.wls_ms_extern_port) : ""
+  validation_script_mount_target_subnet_param            = var.mount_target_subnet_id != "" ? format("--fsssubnet %s", var.mount_target_subnet_id) : ""
+  validation_script_atp_db_id_param                      = var.atp_db_id != "" ? format("--atpdbid %s", var.atp_db_id) : ""
+  validation_script_oci_db_dbsystem_id_param             = var.oci_db_dbsystem_id != "" ? format("--ocidbid %s", var.oci_db_dbsystem_id) : ""
+  validation_script_oci_db_port_param                    = var.oci_db_port != 0 ? format("--ocidbport %s", var.oci_db_port) : ""
+  validation_script_http_port_param                      = var.wls_extern_admin_port != "" ? format("--http_port %s", var.wls_extern_admin_port) : ""
+  validation_script_https_port_param                     = var.wls_extern_ssl_admin_port != "" ? format("--https_port %s", var.wls_extern_ssl_admin_port) : ""
+  validation_script_existing_admin_server_nsg_id_param   = var.existing_admin_server_nsg_id != "" ? format("--adminsrvnsg %s", var.existing_admin_server_nsg_id) : ""
+  validation_script_existing_managed_server_nsg_id_param = var.existing_managed_server_nsg_id != "" ? format("--managedsrvnsg %s", var.existing_managed_server_nsg_id) : ""
+  validation_script_existing_lb_nsg_id_param             = var.existing_lb_nsg_id != "" ? format("--lbnsg %s", var.existing_lb_nsg_id) : ""
+  validation_script_existing_mount_target_nsg_id_param   = var.existing_mount_target_nsg_id != "" ? format("--fssnsg %s", var.existing_mount_target_nsg_id) : ""
+  validation_script_existing_bastion_nsg_id_param        = var.existing_bastion_nsg_id != "" ? format("--bastionnsg %s", var.existing_bastion_nsg_id) : ""
+}